From 871d1e4497f44d6ea8ee7062875401aa5267a6d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Ga=C3=9Fner?= <40096303+moonrail@users.noreply.github.com> Date: Mon, 5 Jul 2021 23:31:20 +0200 Subject: [PATCH] Fix tag "wg-install" & Add no_log (#110) * Fixed tag "wg-install" inheritance to included tasks Fixes #109 * Added no_log to tasks handling private keys - can be explicitly deactivated for debugging by running with verbosity 3 or higher Fixes #81 --- tasks/main.yml | 14 +++++++++++++- tasks/setup-archlinux.yml | 6 ------ tasks/setup-centos-7.yml | 4 ---- tasks/setup-centos-8.yml | 4 ---- tasks/setup-debian-pve-variant.yml | 4 ---- tasks/setup-debian-raspbian.yml | 18 ------------------ tasks/setup-debian-vanilla.yml | 4 ---- tasks/setup-debian.yml | 18 +++++++++++++++--- tasks/setup-fedora-32.yml | 2 -- tasks/setup-fedora.yml | 2 -- tasks/setup-macosx.yml | 4 ---- tasks/setup-opensuse leap.yml | 3 --- tasks/setup-ubuntu.yml | 8 -------- 13 files changed, 28 insertions(+), 63 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index b0b9cb9..c79139e 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -6,13 +6,19 @@ setup: # Installing WireGuard [[[1 -- include_tasks: "{{ item }}" +- include_tasks: + file: "{{ item }}" + apply: + tags: + - wg-install with_first_found: - "setup-{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version }}.yml" - "setup-{{ ansible_distribution|lower }}-{{ ansible_distribution_version }}.yml" - "setup-{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml" - "setup-{{ ansible_distribution|lower }}.yml" - "setup-{{ ansible_os_family|lower }}.yml" + tags: + - wg-install - name: Enable WireGuard kernel module modprobe: @@ -56,12 +62,14 @@ command: "wg genkey" register: wireguard__register_private_key changed_when: false + no_log: '{{ ansible_verbosity < 3 }}' tags: - wg-generate-keys - name: Set private key fact set_fact: wireguard_private_key: "{{ wireguard__register_private_key.stdout }}" + no_log: '{{ ansible_verbosity < 3 }}' tags: - wg-generate-keys when: @@ -73,12 +81,14 @@ slurp: src: "{{ wireguard_remote_directory }}/{{ wireguard_interface }}.conf" register: wireguard__register_config + no_log: '{{ ansible_verbosity < 3 }}' tags: - wg-config - name: Set private key fact set_fact: wireguard_private_key: "{{ wireguard__register_config['content'] | b64decode | regex_findall('PrivateKey = (.*)') | first }}" + no_log: '{{ ansible_verbosity < 3 }}' tags: - wg-config when: @@ -92,6 +102,7 @@ register: wireguard__register_public_key changed_when: false check_mode: no + no_log: '{{ ansible_verbosity < 3 }}' tags: - wg-config @@ -117,6 +128,7 @@ owner: "{{ wireguard_conf_owner }}" group: "{{ wireguard_conf_group }}" mode: "{{ wireguard_conf_mode }}" + no_log: '{{ ansible_verbosity < 3 }}' tags: - wg-config notify: diff --git a/tasks/setup-archlinux.yml b/tasks/setup-archlinux.yml index 9669991..2881ca2 100644 --- a/tasks/setup-archlinux.yml +++ b/tasks/setup-archlinux.yml @@ -10,8 +10,6 @@ - { name: wireguard-dkms, state: absent } - { name: wireguard-lts, state: present } become: yes - tags: - - wg-install when: - ansible_kernel is match(".*-lts$") - ansible_kernel is version('5.6', '<') @@ -21,8 +19,6 @@ name: wireguard-dkms state: present become: yes - tags: - - wg-install when: - not ansible_kernel is match(".*-lts$") - ansible_kernel is version('5.6', '<') @@ -31,5 +27,3 @@ pacman: name: wireguard-tools state: present - tags: - - wg-install diff --git a/tasks/setup-centos-7.yml b/tasks/setup-centos-7.yml index e31ee70..81e32cd 100644 --- a/tasks/setup-centos-7.yml +++ b/tasks/setup-centos-7.yml @@ -19,8 +19,6 @@ name: - "wireguard-dkms" state: absent - tags: - - wg-install - name: (CentOS 7) Install WireGuard packages yum: @@ -28,5 +26,3 @@ - "kmod-wireguard" - "wireguard-tools" state: present - tags: - - wg-install diff --git a/tasks/setup-centos-8.yml b/tasks/setup-centos-8.yml index d1061b8..69810d0 100644 --- a/tasks/setup-centos-8.yml +++ b/tasks/setup-centos-8.yml @@ -14,8 +14,6 @@ name: - "wireguard-dkms" state: absent - tags: - - wg-install - name: (CentOS 8) Install WireGuard packages yum: @@ -23,5 +21,3 @@ - "kmod-wireguard" - "wireguard-tools" state: present - tags: - - wg-install diff --git a/tasks/setup-debian-pve-variant.yml b/tasks/setup-debian-pve-variant.yml index de5c6a2..408f6bd 100644 --- a/tasks/setup-debian-pve-variant.yml +++ b/tasks/setup-debian-pve-variant.yml @@ -9,8 +9,6 @@ repo: "deb http://deb.debian.org/debian buster-backports main" state: "{{ 'present' if (ansible_distribution_version | int <= 10) else 'absent' }}" update_cache: yes - tags: - - wg-install - name: (Proxmox) Install kernel headers for the currently running kernel to compile WireGuard with DKMS apt: @@ -23,5 +21,3 @@ name: - "wireguard" state: present - tags: - - wg-install diff --git a/tasks/setup-debian-raspbian.yml b/tasks/setup-debian-raspbian.yml index e72f919..8930f61 100644 --- a/tasks/setup-debian-raspbian.yml +++ b/tasks/setup-debian-raspbian.yml @@ -16,16 +16,12 @@ with_items: - "04EE7237B7D453EC" - "648ACFD622F3D138" - tags: - - wg-install - name: (Raspbian) Add Debian Buster Backports repository for WireGuard apt_repository: repo: "deb http://deb.debian.org/debian buster-backports main" state: present update_cache: yes - tags: - - wg-install - name: (Raspbian) Install latest kernel apt: @@ -33,8 +29,6 @@ - "raspberrypi-kernel" state: latest register: wireguard__register_kernel_update - tags: - - wg-install - name: (Raspbian) Reboot after kernel update (Ansible >= 2.8) reboot: @@ -42,8 +36,6 @@ when: - ansible_version.full is version('2.8.0', '>=') - wireguard__register_kernel_update is changed - tags: - - wg-install - name: (Raspbian) Check if molly-guard is installed (Ansible < 2.8) stat: @@ -56,8 +48,6 @@ - ansible_version.full is version('2.8.0', '<') - wireguard__register_kernel_update is changed - not wireguard__register_molly_guard.stat.exists - tags: - - wg-install - name: (Raspbian) Reboot after kernel update (Ansible < 2.8, with molly-guard) command: /lib/molly-guard/shutdown -r now @@ -68,8 +58,6 @@ - ansible_version.full is version('2.8.0', '<') - wireguard__register_kernel_update is changed - wireguard__register_molly_guard.stat.exists - tags: - - wg-install - name: (Raspbian) Waiting for host to be available (Ansible < 2.8, with molly-guard) wait_for_connection: @@ -77,16 +65,12 @@ - ansible_version.full is version('2.8.0', '<') - wireguard__register_kernel_update is changed - wireguard__register_molly_guard.stat.exists - tags: - - wg-install - name: (Raspbian) Install latest kernel headers to compile Wireguard with DKMS apt: name: - "raspberrypi-kernel-headers" state: latest - tags: - - wg-install - name: (Raspbian) Install WireGuard packages apt: @@ -94,5 +78,3 @@ - "wireguard-dkms" - "wireguard-tools" state: present - tags: - - wg-install diff --git a/tasks/setup-debian-vanilla.yml b/tasks/setup-debian-vanilla.yml index 0b9e21a..2142023 100644 --- a/tasks/setup-debian-vanilla.yml +++ b/tasks/setup-debian-vanilla.yml @@ -8,8 +8,6 @@ repo: "deb http://deb.debian.org/debian buster-backports main" state: "{{ 'present' if (ansible_distribution_version | int <= 10) else 'absent' }}" update_cache: yes - tags: - - wg-install - name: (Debian) Install kernel headers for the currently running kernel to compile Wireguard with DKMS apt: @@ -35,5 +33,3 @@ name: - "wireguard" state: present - tags: - - wg-install diff --git a/tasks/setup-debian.yml b/tasks/setup-debian.yml index da69b2b..fb77475 100644 --- a/tasks/setup-debian.yml +++ b/tasks/setup-debian.yml @@ -3,15 +3,27 @@ # Copyright (C) 2021 Steve Fan # SPDX-License-Identifier: GPL-3.0-or-later -- include_tasks: "setup-debian-raspbian.yml" +- include_tasks: + file: "setup-debian-raspbian.yml" + apply: + tags: + - wg-install when: ansible_lsb.id is defined and ansible_lsb.id == "Raspbian" register: wireguard__register_raspbian_setup -- include_tasks: "setup-debian-pve-variant.yml" +- include_tasks: + file: "setup-debian-pve-variant.yml" + apply: + tags: + - wg-install when: ansible_kernel.find("pve") != -1 register: wireguard__register_pve_variant_setup -- include_tasks: "setup-debian-vanilla.yml" +- include_tasks: + file: "setup-debian-vanilla.yml" + apply: + tags: + - wg-install when: - wireguard__register_raspbian_setup is skipped - wireguard__register_pve_variant_setup is skipped diff --git a/tasks/setup-fedora-32.yml b/tasks/setup-fedora-32.yml index 67448be..a206898 100644 --- a/tasks/setup-fedora-32.yml +++ b/tasks/setup-fedora-32.yml @@ -16,5 +16,3 @@ - "wireguard-dkms" - "wireguard-tools" state: present - tags: - - wg-install diff --git a/tasks/setup-fedora.yml b/tasks/setup-fedora.yml index 108e4ce..49f9c2f 100644 --- a/tasks/setup-fedora.yml +++ b/tasks/setup-fedora.yml @@ -7,5 +7,3 @@ name: - "wireguard-tools" state: present - tags: - - wg-install diff --git a/tasks/setup-macosx.yml b/tasks/setup-macosx.yml index e542fc9..3f45e53 100644 --- a/tasks/setup-macosx.yml +++ b/tasks/setup-macosx.yml @@ -7,12 +7,8 @@ name: wireguard-go state: present become: yes - tags: - - wg-install - name: (MacOS) Install wireguard-tools package package: name: wireguard-tools state: present - tags: - - wg-install diff --git a/tasks/setup-opensuse leap.yml b/tasks/setup-opensuse leap.yml index 808dc60..04c0388 100644 --- a/tasks/setup-opensuse leap.yml +++ b/tasks/setup-opensuse leap.yml @@ -8,6 +8,3 @@ name: - "wireguard-tools" state: present - tags: - - wg-install - diff --git a/tasks/setup-ubuntu.yml b/tasks/setup-ubuntu.yml index c25b724..05ca3ae 100644 --- a/tasks/setup-ubuntu.yml +++ b/tasks/setup-ubuntu.yml @@ -6,8 +6,6 @@ apt: update_cache: "{{ wireguard_ubuntu_update_cache }}" cache_valid_time: "{{ wireguard_ubuntu_cache_valid_time }}" - tags: - - wg-install - block: - name: (Ubuntu) Install support packages needed for Wireguard (for Ubuntu < 19.10) @@ -18,8 +16,6 @@ packages: - software-properties-common - linux-headers-{{ ansible_kernel }} - tags: - - wg-install when: - ansible_lsb.major_release is version('19.10', '<') @@ -28,12 +24,8 @@ name: - "wireguard-dkms" state: absent - tags: - - wg-install - name: (Ubuntu) Install wireguard package apt: name: "wireguard" state: present - tags: - - wg-install